天天看點

認證事件(Authentication Events)添加異常映射(Adding Exception Mappings)預設事件(Default Event)

對于每個成功或失敗的身份驗證,将分别觸發一個 AuthenticationSuccessEvent 或 AbstractAuthenticationFailureEvent 。

要偵聽這些事件,你必須首先釋出一個 AuthenticationEventPublisher,Spring Security 的 DefaultAuthenticationEventPublisher 可能會做得很好:

@Bean
public AuthenticationEventPublisher authenticationEventPublisher
        (ApplicationEventPublisher applicationEventPublisher) {
    return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
           

然後,你可以使用 Spring 的@EventListener 支援:

@Component
public class AuthenticationEvents {
	@EventListener
    public void onSuccess(AuthenticationSuccessEvent success) {
		// ...
    }

    @EventListener
    public void onFailure(AbstractAuthenticationFailureEvent failures) {
		// ...
    }
}
           

雖然類似于 AuthenticationSuccessHandler 和 AuthenticationFailureHandler,但它們很好,因為它們可以獨立于Servlet API使用。

添加異常映射(Adding Exception Mappings)

預設情況下,DefaultAuthenticationEventPublisher 将為以下事件釋出一個 AbstractAuthenticationFailureEvent :

Exception Event
BadCredentialsException AuthenticationFailureBadCredentialsEvent
UsernameNotFoundException AuthenticationFailureBadCredentialsEvent
AccountExpiredException AuthenticationFailureExpiredEvent
ProviderNotFoundException AuthenticationFailureProviderNotFoundEvent
DisabledException AuthenticationFailureDisabledEvent
LockedException AuthenticationFailureLockedEvent
AuthenticationServiceException AuthenticationFailureServiceExceptionEvent
CredentialsExpiredException AuthenticationFailureCredentialsExpiredEvent
InvalidBearerTokenException AuthenticationFailureBadCredentialsEvent
釋出者執行精确的異常比對,這意味着這些異常的子類不會也生成事件。
為此,您可能需要通過 setAdditionalExceptionMappings 方法向釋出者提供額外的映射:
@Bean
public AuthenticationEventPublisher authenticationEventPublisher (ApplicationEventPublisher applicationEventPublisher) {
    Map<Class<? extends AuthenticationException>,
        Class<? extends AbstractAuthenticationFailureEvent>> mapping =
            Collections.singletonMap(FooException.class, FooEvent.class);
    AuthenticationEventPublisher authenticationEventPublisher =
        new DefaultAuthenticationEventPublisher(applicationEventPublisher);
    authenticationEventPublisher.setAdditionalExceptionMappings(mapping);
    return authenticationEventPublisher;
}
           

預設事件(Default Event)

您可以提供一個通用事件,以便在發生任何身份驗證異常的情況下觸發:

@Bean
public AuthenticationEventPublisher authenticationEventPublisher
        (ApplicationEventPublisher applicationEventPublisher) {
    AuthenticationEventPublisher authenticationEventPublisher =
        new DefaultAuthenticationEventPublisher(applicationEventPublisher);
    authenticationEventPublisher.setDefaultAuthenticationFailureEvent
        (GenericAuthenticationFailureEvent.class);
    return authenticationEventPublisher;
}
           

繼續閱讀